parent
025e36bf10
commit
754670ad12
@ -0,0 +1,44 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/smallstep/certificates/ca"
|
||||
)
|
||||
|
||||
func main() {
|
||||
if len(os.Args) != 2 {
|
||||
fmt.Fprintf(os.Stderr, "Usage: %s <token>\n", os.Args[0])
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
token := os.Args[1]
|
||||
|
||||
// make sure to cancel the renew goroutine
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
defer cancel()
|
||||
|
||||
client, err := ca.BootstrapClient(ctx, token, ca.AddFederationToRootCAs())
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
for {
|
||||
resp, err := client.Get("https://127.0.0.1:8443")
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
b, err := ioutil.ReadAll(resp.Body)
|
||||
resp.Body.Close()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
fmt.Printf("Server responded: %s\n", b)
|
||||
time.Sleep(5 * time.Second)
|
||||
}
|
||||
}
|
@ -0,0 +1,12 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBvjCCAWSgAwIBAgIQPDSG4MCReDzPu96+Cb5e0TAKBggqhkjOPQQDAjApMScw
|
||||
JQYDVQQDEx5TbWFsbHN0ZXAgUHVibGljIENsb3VkIFJvb3QgQ0EwHhcNMTkwMTE4
|
||||
MjEwNjE2WhcNMjkwMTE1MjEwNjE2WjAxMS8wLQYDVQQDEyZTbWFsbHN0ZXAgUHVi
|
||||
bGljIENsb3VkIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEH
|
||||
A0IABCQRZefT8U34OiW3o+R2/Ob2DUWrcL87jj9D7IGtAgOjulbfoJaH3rnJumG2
|
||||
DtMImBJ1hPa2mXMjThnjOXSlGA+jZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
|
||||
Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBSCHPvFHHqEJU82OtFPZVHhstA/rDAfBgNV
|
||||
HSMEGDAWgBSMOU1vYot1qfDaTG2uY9l2nQNSADAKBggqhkjOPQQDAgNIADBFAiEA
|
||||
hojptJQvmTlu9Ybyr9UCL6Akiks8U1RPF2NS+YKZm+8CIDjbipMuz5AXCez57/5r
|
||||
ZrEv0JxcWpK6AxfitwyYg34e
|
||||
-----END CERTIFICATE-----
|
@ -0,0 +1,11 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBkjCCATigAwIBAgIRAKqKZhDGVx8dcxTDGpowzNEwCgYIKoZIzj0EAwIwJzEl
|
||||
MCMGA1UEAxMcU21hbGxzdGVwIEt1YmVybmV0ZXMgUm9vdCBDQTAeFw0xOTAxMTgy
|
||||
MTA2NDdaFw0yOTAxMTUyMTA2NDdaMCcxJTAjBgNVBAMTHFNtYWxsc3RlcCBLdWJl
|
||||
cm5ldGVzIFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASst212A8a9
|
||||
h1DBFEzCgIaoZEWWf0JlBkSmnlHCHZLK2ookNKY6k8UAki4o1xpYjeLtlL4xn4WL
|
||||
mMEafC2tPQvxo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIB
|
||||
ATAdBgNVHQ4EFgQU1+ia0R8GNWYXgs7qkbXHzinghlEwCgYIKoZIzj0EAwIDSAAw
|
||||
RQIgDQlbDQxnNxRsR8d/lQiBSy6v0u6BOmftfbB3y0CcGI4CIQC2dxkUvi6GsfHs
|
||||
zRgU5ZPIT7sVEfNi9G3GZABj0vOnvQ==
|
||||
-----END CERTIFICATE-----
|
@ -0,0 +1,11 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBlTCCATygAwIBAgIRAPykhdlDneUGU9rI1g+Y40MwCgYIKoZIzj0EAwIwKTEn
|
||||
MCUGA1UEAxMeU21hbGxzdGVwIFB1YmxpYyBDbG91ZCBSb290IENBMB4XDTE5MDEx
|
||||
ODIxMDYxM1oXDTI5MDExNTIxMDYxM1owKTEnMCUGA1UEAxMeU21hbGxzdGVwIFB1
|
||||
YmxpYyBDbG91ZCBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESc9z
|
||||
Y77gf4XhCCOzsAhvMThV3Wro6EVnfBaSlmmnq15VaONG6FP7kVyJEM+XD75Thu10
|
||||
AsxwB0w4WxKIJ63TNaNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
|
||||
Af8CAQEwHQYDVR0OBBYEFIw5TW9ii3Wp8NpMba5j2XadA1IAMAoGCCqGSM49BAMC
|
||||
A0cAMEQCICVylyEZfBBilwKN1nvS4j9Lbt6/nhF5DH9K/wjPIBhiAiBZojDvMZhj
|
||||
mreuuFfRC4kWE/OUG5Iz2qVUtlvL/NaXXQ==
|
||||
-----END CERTIFICATE-----
|
@ -0,0 +1,40 @@
|
||||
{
|
||||
"root": "pki/cloud/certs/root_ca.crt",
|
||||
"federatedRoots": ["pki/cloud/certs/kubernetes_root_ca.crt"],
|
||||
"crt": "pki/cloud/certs/intermediate_ca.crt",
|
||||
"key": "pki/cloud/secrets/intermediate_ca_key",
|
||||
"address": ":1443",
|
||||
"dnsNames": [
|
||||
"localhost"
|
||||
],
|
||||
"logger": {
|
||||
"format": "text"
|
||||
},
|
||||
"authority": {
|
||||
"provisioners": [
|
||||
{
|
||||
"name": "sebastian@smallstep.com",
|
||||
"type": "jwk",
|
||||
"key": {
|
||||
"use": "sig",
|
||||
"kty": "EC",
|
||||
"kid": "EE1ZiqkMaxsUdpz8SCSkRBzwK9TWUoidQnMnJ8Eryn8",
|
||||
"crv": "P-256",
|
||||
"alg": "ES256",
|
||||
"x": "BcoXteWHdYxXUrckEQwEQDol2nM97J8KIg7GiXc3AMc",
|
||||
"y": "8QkL41tl7BZ5uIf_VTOEypp8vsKUnDGpNdrfk0FNt0Q"
|
||||
},
|
||||
"encryptedKey": "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjEwMDAwMCwicDJzIjoicTV2MkZ2bmRjNnF0ZWlEZkVBNWI5ZyJ9.MZCVUhU1yuYkhKbQqJDJX0Y6d1X6ranvIeGHIpWLc_STHAgta8c0tA.4o-sw0jTV064OtuL.QVqIo2l0Qf_MRXVghjFYUFkWlK-3VomqzskLLDfLz1norWQa-wEdV56_CIZ7gAPxiLj2N6VOlpEg-sKA2xL3w9b-2WovH_o93iN2MziiWajFf9uq-41LVyEeROd_6Gs4TQbxyz5rk_iMsZeRNRKTpYvW1E2lA4YlMTm4QLV7s7xkGaWsL_-pATfb24bnDMrjRyAVLR61rPHxUQ2wcK_hRG272xoSAsNOWRrUcnDYzjylj-YfmhQZy77Rf38Rxy3UlhB4iMB-y7wMoMuseRKTvBEncL-c0wrllKWUP_KjCl6VeanKWAGUilbmgIpEa1Y_QbNZTD9t0rw2TJSkjx0.CNtEZWZrfp542E65F2oi4w"
|
||||
}
|
||||
]
|
||||
},
|
||||
"tls": {
|
||||
"cipherSuites": [
|
||||
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
|
||||
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
|
||||
],
|
||||
"minVersion": 1.2,
|
||||
"maxVersion": 1.2,
|
||||
"renegotiation": false
|
||||
}
|
||||
}
|
@ -0,0 +1,40 @@
|
||||
{
|
||||
"root": "pki/cloud/certs/root_ca.crt",
|
||||
"federatedRoots": [],
|
||||
"crt": "pki/cloud/certs/intermediate_ca.crt",
|
||||
"key": "pki/cloud/secrets/intermediate_ca_key",
|
||||
"address": ":1443",
|
||||
"dnsNames": [
|
||||
"localhost"
|
||||
],
|
||||
"logger": {
|
||||
"format": "text"
|
||||
},
|
||||
"authority": {
|
||||
"provisioners": [
|
||||
{
|
||||
"name": "sebastian@smallstep.com",
|
||||
"type": "jwk",
|
||||
"key": {
|
||||
"use": "sig",
|
||||
"kty": "EC",
|
||||
"kid": "EE1ZiqkMaxsUdpz8SCSkRBzwK9TWUoidQnMnJ8Eryn8",
|
||||
"crv": "P-256",
|
||||
"alg": "ES256",
|
||||
"x": "BcoXteWHdYxXUrckEQwEQDol2nM97J8KIg7GiXc3AMc",
|
||||
"y": "8QkL41tl7BZ5uIf_VTOEypp8vsKUnDGpNdrfk0FNt0Q"
|
||||
},
|
||||
"encryptedKey": "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjEwMDAwMCwicDJzIjoicTV2MkZ2bmRjNnF0ZWlEZkVBNWI5ZyJ9.MZCVUhU1yuYkhKbQqJDJX0Y6d1X6ranvIeGHIpWLc_STHAgta8c0tA.4o-sw0jTV064OtuL.QVqIo2l0Qf_MRXVghjFYUFkWlK-3VomqzskLLDfLz1norWQa-wEdV56_CIZ7gAPxiLj2N6VOlpEg-sKA2xL3w9b-2WovH_o93iN2MziiWajFf9uq-41LVyEeROd_6Gs4TQbxyz5rk_iMsZeRNRKTpYvW1E2lA4YlMTm4QLV7s7xkGaWsL_-pATfb24bnDMrjRyAVLR61rPHxUQ2wcK_hRG272xoSAsNOWRrUcnDYzjylj-YfmhQZy77Rf38Rxy3UlhB4iMB-y7wMoMuseRKTvBEncL-c0wrllKWUP_KjCl6VeanKWAGUilbmgIpEa1Y_QbNZTD9t0rw2TJSkjx0.CNtEZWZrfp542E65F2oi4w"
|
||||
}
|
||||
]
|
||||
},
|
||||
"tls": {
|
||||
"cipherSuites": [
|
||||
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
|
||||
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
|
||||
],
|
||||
"minVersion": 1.2,
|
||||
"maxVersion": 1.2,
|
||||
"renegotiation": false
|
||||
}
|
||||
}
|
@ -0,0 +1,8 @@
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,61d1fda0c56e8b8fcf2eb8ba5e20903f
|
||||
|
||||
pFdzP/NSsBCJ3LiVNd6Qg8BRZrNO9+MOcXeg93LAOFQVOswPRya+tfTojfv6t4Lm
|
||||
qJYJlENAAKCjM5+GuMeslTpyqlgDvUYi36v4FAxvLNp49r+nzKXqq0chIPhlLwGb
|
||||
Mr8rEtX97vosyYEtsYhbjjzgCJXMhBXzi9tbLkkiRxw=
|
||||
-----END EC PRIVATE KEY-----
|
@ -0,0 +1,8 @@
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,78223655d6ee4b458ff2d5b79dadbd06
|
||||
|
||||
+bHgP06x5ScVppDSysFN/1xVPnC5MrrUhG7zLG/eX6yJrj4YegthwnDrCuWSCc9U
|
||||
0fv0jJ0QGGm8YL5NdH1EpOF7f3+KhOaCv3KLUFJqDWy7HC9anvLHRZPxEeGgndfZ
|
||||
5EJz043Lg7xYSDDaH1a0ZVcHPpyiUJNhS9lxmOQP+Ec=
|
||||
-----END EC PRIVATE KEY-----
|
@ -0,0 +1,11 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBlTCCATygAwIBAgIRAPykhdlDneUGU9rI1g+Y40MwCgYIKoZIzj0EAwIwKTEn
|
||||
MCUGA1UEAxMeU21hbGxzdGVwIFB1YmxpYyBDbG91ZCBSb290IENBMB4XDTE5MDEx
|
||||
ODIxMDYxM1oXDTI5MDExNTIxMDYxM1owKTEnMCUGA1UEAxMeU21hbGxzdGVwIFB1
|
||||
YmxpYyBDbG91ZCBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESc9z
|
||||
Y77gf4XhCCOzsAhvMThV3Wro6EVnfBaSlmmnq15VaONG6FP7kVyJEM+XD75Thu10
|
||||
AsxwB0w4WxKIJ63TNaNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
|
||||
Af8CAQEwHQYDVR0OBBYEFIw5TW9ii3Wp8NpMba5j2XadA1IAMAoGCCqGSM49BAMC
|
||||
A0cAMEQCICVylyEZfBBilwKN1nvS4j9Lbt6/nhF5DH9K/wjPIBhiAiBZojDvMZhj
|
||||
mreuuFfRC4kWE/OUG5Iz2qVUtlvL/NaXXQ==
|
||||
-----END CERTIFICATE-----
|
@ -0,0 +1,12 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBuzCCAWGgAwIBAgIRAK/si8hkdtyDLAjg6ZiRxIgwCgYIKoZIzj0EAwIwJzEl
|
||||
MCMGA1UEAxMcU21hbGxzdGVwIEt1YmVybmV0ZXMgUm9vdCBDQTAeFw0xOTAxMTgy
|
||||
MTA2NDlaFw0yOTAxMTUyMTA2NDlaMC8xLTArBgNVBAMTJFNtYWxsc3RlcCBLdWJl
|
||||
cm5ldGVzIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
|
||||
BBIuNImYDPC6BIGm0/C97su9GPsrGoS2uSHDuPIORbaGPtGI8A2SHInw7pHXRqnW
|
||||
5TvrbCOcLI2Ao2RQvAd/9jCjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E
|
||||
CDAGAQH/AgEAMB0GA1UdDgQWBBT3w/Rtaw3B4mjhqwDb+/tCFLQTozAfBgNVHSME
|
||||
GDAWgBTX6JrRHwY1ZheCzuqRtcfOKeCGUTAKBggqhkjOPQQDAgNIADBFAiEAz8Lo
|
||||
GPyrFRGvQ6Eie/qIjJByNEmN3FCOJOJr0J7csy0CIBLxKfMhsT719con+/ZMBNRt
|
||||
HEV9xTWpPhUvnlsTPIJl
|
||||
-----END CERTIFICATE-----
|
@ -0,0 +1,11 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBkjCCATigAwIBAgIRAKqKZhDGVx8dcxTDGpowzNEwCgYIKoZIzj0EAwIwJzEl
|
||||
MCMGA1UEAxMcU21hbGxzdGVwIEt1YmVybmV0ZXMgUm9vdCBDQTAeFw0xOTAxMTgy
|
||||
MTA2NDdaFw0yOTAxMTUyMTA2NDdaMCcxJTAjBgNVBAMTHFNtYWxsc3RlcCBLdWJl
|
||||
cm5ldGVzIFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASst212A8a9
|
||||
h1DBFEzCgIaoZEWWf0JlBkSmnlHCHZLK2ookNKY6k8UAki4o1xpYjeLtlL4xn4WL
|
||||
mMEafC2tPQvxo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIB
|
||||
ATAdBgNVHQ4EFgQU1+ia0R8GNWYXgs7qkbXHzinghlEwCgYIKoZIzj0EAwIDSAAw
|
||||
RQIgDQlbDQxnNxRsR8d/lQiBSy6v0u6BOmftfbB3y0CcGI4CIQC2dxkUvi6GsfHs
|
||||
zRgU5ZPIT7sVEfNi9G3GZABj0vOnvQ==
|
||||
-----END CERTIFICATE-----
|
@ -0,0 +1,40 @@
|
||||
{
|
||||
"root": "pki/kubernetes/certs/root_ca.crt",
|
||||
"federatedRoots": ["pki/kubernetes/certs/cloud_root_ca.crt"],
|
||||
"crt": "pki/kubernetes/certs/intermediate_ca.crt",
|
||||
"key": "pki/kubernetes/secrets/intermediate_ca_key",
|
||||
"address": ":2443",
|
||||
"dnsNames": [
|
||||
"localhost"
|
||||
],
|
||||
"logger": {
|
||||
"format": "text"
|
||||
},
|
||||
"authority": {
|
||||
"provisioners": [
|
||||
{
|
||||
"name": "sebastian@smallstep.com",
|
||||
"type": "jwk",
|
||||
"key": {
|
||||
"use": "sig",
|
||||
"kty": "EC",
|
||||
"kid": "S5gYgpeqcIAgc1Zr4myZXpgJ_Ao4ryS6F6wqg9o8RYo",
|
||||
"crv": "P-256",
|
||||
"alg": "ES256",
|
||||
"x": "uYecJyfa3pKHrO36zVsPKCHAcCUoYKOic2M7_qv9Jes",
|
||||
"y": "WXzgS-36_BcXSi-G86RcLmLaHJEjmcmkhzR9ajrhhGo"
|
||||
},
|
||||
"encryptedKey": "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjEwMDAwMCwicDJzIjoiRlBVMHBJclNYbUU5VzhFSzFaMlQ2USJ9.wTT9VpKIOKzoiaBJ2fIcOYwypkKTwuKauwkf4fcfmJ6_VVQ6TykIrA.y_YTjVhmpztcOqYq.9j_pppHHcJ3_VEbt-WfxSOks05QMXNI862uYWcFGc7EVCoD1qEiKIDKEuoUSTG-_WcgkaXrag9UUQPKfDpuYi6UJcyaLkehO2DBX26DJ1T-qEYlhPxPGpx8r7p84zcg_AftypD6PNheiCLe6HOQWWuPtuPrfyUpvyfMWkJC14NZjR4iJysKP5dndxFbSTI2XCw1X-zBDVD9xMnVPlRtezIIuDi2cLEYnNaIlr5NMNQBOrzQaSo1LQaOOoSa_OrZzTdjg7HaUU5DaAA6YEDQPfFxLIJdKshvj5sxDlH_LLY58mzsGECrUx396zjvN8FD-bFSrdbCNlJJ4xhtt34c.FhRAcFIg-5k2srdtdsq2VQ"
|
||||
}
|
||||
]
|
||||
},
|
||||
"tls": {
|
||||
"cipherSuites": [
|
||||
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
|
||||
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
|
||||
],
|
||||
"minVersion": 1.2,
|
||||
"maxVersion": 1.2,
|
||||
"renegotiation": false
|
||||
}
|
||||
}
|
@ -0,0 +1,40 @@
|
||||
{
|
||||
"root": "pki/kubernetes/certs/root_ca.crt",
|
||||
"federatedRoots": [],
|
||||
"crt": "pki/kubernetes/certs/intermediate_ca.crt",
|
||||
"key": "pki/kubernetes/secrets/intermediate_ca_key",
|
||||
"address": ":2443",
|
||||
"dnsNames": [
|
||||
"localhost"
|
||||
],
|
||||
"logger": {
|
||||
"format": "text"
|
||||
},
|
||||
"authority": {
|
||||
"provisioners": [
|
||||
{
|
||||
"name": "sebastian@smallstep.com",
|
||||
"type": "jwk",
|
||||
"key": {
|
||||
"use": "sig",
|
||||
"kty": "EC",
|
||||
"kid": "S5gYgpeqcIAgc1Zr4myZXpgJ_Ao4ryS6F6wqg9o8RYo",
|
||||
"crv": "P-256",
|
||||
"alg": "ES256",
|
||||
"x": "uYecJyfa3pKHrO36zVsPKCHAcCUoYKOic2M7_qv9Jes",
|
||||
"y": "WXzgS-36_BcXSi-G86RcLmLaHJEjmcmkhzR9ajrhhGo"
|
||||
},
|
||||
"encryptedKey": "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjEwMDAwMCwicDJzIjoiRlBVMHBJclNYbUU5VzhFSzFaMlQ2USJ9.wTT9VpKIOKzoiaBJ2fIcOYwypkKTwuKauwkf4fcfmJ6_VVQ6TykIrA.y_YTjVhmpztcOqYq.9j_pppHHcJ3_VEbt-WfxSOks05QMXNI862uYWcFGc7EVCoD1qEiKIDKEuoUSTG-_WcgkaXrag9UUQPKfDpuYi6UJcyaLkehO2DBX26DJ1T-qEYlhPxPGpx8r7p84zcg_AftypD6PNheiCLe6HOQWWuPtuPrfyUpvyfMWkJC14NZjR4iJysKP5dndxFbSTI2XCw1X-zBDVD9xMnVPlRtezIIuDi2cLEYnNaIlr5NMNQBOrzQaSo1LQaOOoSa_OrZzTdjg7HaUU5DaAA6YEDQPfFxLIJdKshvj5sxDlH_LLY58mzsGECrUx396zjvN8FD-bFSrdbCNlJJ4xhtt34c.FhRAcFIg-5k2srdtdsq2VQ"
|
||||
}
|
||||
]
|
||||
},
|
||||
"tls": {
|
||||
"cipherSuites": [
|
||||
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
|
||||
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
|
||||
],
|
||||
"minVersion": 1.2,
|
||||
"maxVersion": 1.2,
|
||||
"renegotiation": false
|
||||
}
|
||||
}
|
@ -0,0 +1,8 @@
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,fb0860a45dbae164b2657f27c2a3f1cf
|
||||
|
||||
6nFswxVAct5zIqsThsJ1uYY6gzkhMzAmurih+mhlhANfl6SHURdzk8AtutIQrFfV
|
||||
jr/vTPyr3aR+dqldt/wg1L9pJFc/OoWVlOFbltmLTkWMPk+VHKxR5V6A7IVYoKvm
|
||||
EUFzVb+aHj6M9R7ecBf0IslGQ0nsqYa54WppGHmAA4A=
|
||||
-----END EC PRIVATE KEY-----
|
@ -0,0 +1,8 @@
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,965ede7ef96d4640932c18bdf1795645
|
||||
|
||||
treDpMX0uYFlWMiPvjYfnv6K9jmT4f8pTG6AkzZB0eeaNj04tt4FuIgrabHoZFNx
|
||||
IC1mFIRZvhJaiOXNIvQbo/Wnweu8nVV/xn73xNKBramgfXDo9WCvIsffjRg1xtsq
|
||||
s3SuONddo4IdpmrG7iEZTkDe2IzSV5NYhGsKiwvDvaU=
|
||||
-----END EC PRIVATE KEY-----
|
@ -0,0 +1,73 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/smallstep/certificates/ca"
|
||||
)
|
||||
|
||||
func main() {
|
||||
if len(os.Args) != 2 {
|
||||
fmt.Fprintf(os.Stderr, "Usage: %s <token>\n", os.Args[0])
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
token := os.Args[1]
|
||||
|
||||
// make sure to cancel the renew goroutine
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
defer cancel()
|
||||
|
||||
srv, err := ca.BootstrapServer(ctx, token, &http.Server{
|
||||
Addr: ":8443",
|
||||
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
name := "nobody"
|
||||
issuer := "none"
|
||||
if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
|
||||
name = r.TLS.PeerCertificates[0].Subject.CommonName
|
||||
issuer = r.TLS.PeerCertificates[len(r.TLS.PeerCertificates)-1].Issuer.CommonName
|
||||
}
|
||||
|
||||
w.Write([]byte(fmt.Sprintf("Hello %s (cert issued by '%s') at %s", name, issuer, time.Now().UTC())))
|
||||
}),
|
||||
}, ca.AddFederationToRootCAs(), ListTrustedRoots())
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
fmt.Println("Listening on :8443 ...")
|
||||
if err := srv.ListenAndServeTLS("", ""); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
|
||||
// ListTrustedRoots prints list of trusted roots for illustration purposes
|
||||
func ListTrustedRoots() ca.TLSOption {
|
||||
fn := func(ctx *ca.TLSOptionCtx) error {
|
||||
certs, err := ctx.Client.Federation()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
roots, err := ctx.Client.Roots()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if len(certs.Certificates) > len(roots.Certificates) {
|
||||
fmt.Println("Server is using federated root certificates")
|
||||
}
|
||||
for _, cert := range certs.Certificates {
|
||||
fmt.Printf("Accepting certs anchored in %s\n", cert.Certificate.Subject)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
return func(ctx *ca.TLSOptionCtx) error {
|
||||
ctx.OnRenewFunc = append(ctx.OnRenewFunc, fn)
|
||||
return fn(ctx)
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue